Load balancing firewall with ubuntu server

Daniel Pittman daniel at rimspace.net
Mon Oct 15 04:15:00 UTC 2007


carlopmart <carlopmart at gmail.com> writes:

> Does somebody know a good tutorial or howto that explains how to set up a
> load balancing/failover firewall with Ubuntu?

Nope, sorry.  I have built a few of these and there really isn't very
much good documentation on how to build high availability systems at
all, let alone how to get more obscure areas such as firewalls
functional.

To a large degree this is because "if you need to ask you don't know
how" is more or less true in the high availability space: building a
solution to your availability needs is, I guarantee you, harder than you
expect.[1]

> Is it possible to do it?? 

Within reason, yes.  There still isn't, to the best of my knowledge, a
working, stable mechanism for sharing connection tracking state between
Linux machines[2] so you can't have transparent stateful fail-over.

> I need the same functionalities as carp with pf does
> (http://www.openbsd.org/cgi-bin/man.cgi?query=carp&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html)
> but using ubuntu.

Some but not all of the facilities described there are present in
packages available as part of Ubuntu, and can be implemented
successfully.

Given that these programs exist and are absolutely trivially located
with any reasonable search you might choose to perform I suspect you
didn't research this heavily on your own before asking here.[3]

You may find people more willing to invest in helping you in future if
you give more evidence of having done the basic research yourself first.

Regards,
        Daniel

Footnotes: 
[1]  This is true even if you have extensive experience on other
     platforms but not Linux; I can build a Linux H-A system I would
     trust but I wouldn't give myself a sliver of a hope on OpenBSD as I
     simply don't know the platform specifics well enough.

[2]  At least one proposed mechanism exists but, as far as I know,
     hasn't been ported to the latest unification of IPv4 and IPv6
     Netfilter or "blessed" upstream.

[3]  Including, of note, 'apt-cache search carp'

-- 
Daniel Pittman <daniel at cybersource.com.au>           Phone: 03 9621 2377
Level 4, 10 Queen St, Melbourne             Web: http://www.cyber.com.au
Cybersource: Australia's Leading Linux and Open Source Solutions Company




